nomyo-js/src/api/SecureChatCompletion.ts

/**
 * OpenAI-compatible secure chat completion API
 * Provides a drop-in replacement for OpenAI's ChatCompletion API with end-to-end encryption
 */

import { SecureCompletionClient, generateUUID } from '../core/SecureCompletionClient';
import { ChatCompletionConfig } from '../types/client';
import { ChatCompletionRequest, ChatCompletionResponse } from '../types/api';

export class SecureChatCompletion {
    private client: SecureCompletionClient;
    private apiKey?: string;

    constructor(config: ChatCompletionConfig = {}) {
        const {
            baseUrl = 'https://api.nomyo.ai:12435',
            allowHttp = false,
            apiKey,
            secureMemory = true,
            timeout,
            debug,
            keyRotationInterval,
            keyRotationDir,
            keyRotationPassword,
        } = config;

        this.apiKey = apiKey;
        this.client = new SecureCompletionClient({
            routerUrl: baseUrl,
            allowHttp,
            secureMemory,
            ...(timeout !== undefined && { timeout }),
            ...(debug !== undefined && { debug }),
            ...(keyRotationInterval !== undefined && { keyRotationInterval }),
            ...(keyRotationDir !== undefined && { keyRotationDir }),
            ...(keyRotationPassword !== undefined && { keyRotationPassword }),
        });
    }

    /**
     * Create a chat completion (matches OpenAI API).
     *
     * Supports additional NOMYO-specific fields:
     * - `security_tier`: "standard" | "high" | "maximum" — controls hardware routing
     * - `api_key`: per-request API key override (takes precedence over constructor key)
     */
    async create(request: ChatCompletionRequest): Promise<ChatCompletionResponse> {
        const payloadId = generateUUID();

        // Extract NOMYO-specific fields that must not go into the encrypted payload
        const { security_tier, api_key, ...payload } = request as ChatCompletionRequest & {
            security_tier?: string;
            api_key?: string;
        };

        const apiKey = api_key ?? this.apiKey;

        if (!payload.model) {
            throw new Error('Missing required field: model');
        }
        if (!payload.messages || !Array.isArray(payload.messages)) {
            throw new Error('Missing or invalid required field: messages');
        }

        const response = await this.client.sendSecureRequest(
            payload,
            payloadId,
            apiKey,
            security_tier
        );

        return response as unknown as ChatCompletionResponse;
    }

    /**
     * Async alias for create() (for compatibility with OpenAI SDK)
     */
    async acreate(request: ChatCompletionRequest): Promise<ChatCompletionResponse> {
        return this.create(request);
    }

    /**
     * Release resources: stop key rotation timer and zero in-memory key material.
     */
    dispose(): void {
        this.client.dispose();
    }
}
feature: port from python client lib 2026-01-17 12:02:08 +01:00			`/**`
			`* OpenAI-compatible secure chat completion API`
			`* Provides a drop-in replacement for OpenAI's ChatCompletion API with end-to-end encryption`
			`*/`

fix: - AES GCM protocol mismatch - better, granular error handling - UUID now uses crypto.randomUUID() - added native mlock addon to improve security - ZeroBuffer uses explicit_bzero now - fixed imports feat: - added unit tests 2026-03-04 11:30:44 +01:00			`import { SecureCompletionClient, generateUUID } from '../core/SecureCompletionClient';`
feature: port from python client lib 2026-01-17 12:02:08 +01:00			`import { ChatCompletionConfig } from '../types/client';`
			`import { ChatCompletionRequest, ChatCompletionResponse } from '../types/api';`

			`export class SecureChatCompletion {`
			`private client: SecureCompletionClient;`
			`private apiKey?: string;`

			`constructor(config: ChatCompletionConfig = {}) {`
			`const {`
fix: base_url port feat: add types for reasoning_content and _metadata fix: key format incompatibility 2026-04-01 13:38:45 +02:00			`baseUrl = 'https://api.nomyo.ai:12435',`
feature: port from python client lib 2026-01-17 12:02:08 +01:00			`allowHttp = false,`
			`apiKey,`
			`secureMemory = true,`
fix: Added DisposedError Wrapped zeroMemory() in its own try/catch in finally Generic error message; fixed ArrayBufferLike TypeScript type issue Generic error message; password/salt/IV wrapped in SecureByteContext Password ≥8 chars enforced; zeroKeys(); rotateKeys(); debug-gated logs; TS type fix Zero source ArrayBuffer after req.write() Added timeout, debug, keyRotationInterval, keyRotationDir, keyRotationPassword dispose(), assertNotDisposed(), startKeyRotationTimer(), rotateKeys(); Promise-mutex on ensureKeys(); new URL() validation; CR/LF API key check; server error detail truncation; response schema validation; all console.log behind debugMode Propagates new config fields; dispose() Tests for dispose, timer, header injection, URL validation, error sanitization, debug flag Tests for generic error messages, password validation, zeroKeys() 2026-04-01 14:28:05 +02:00			`timeout,`
			`debug,`
			`keyRotationInterval,`
			`keyRotationDir,`
			`keyRotationPassword,`
feature: port from python client lib 2026-01-17 12:02:08 +01:00			`} = config;`

			`this.apiKey = apiKey;`
			`this.client = new SecureCompletionClient({`
			`routerUrl: baseUrl,`
			`allowHttp,`
			`secureMemory,`
fix: Added DisposedError Wrapped zeroMemory() in its own try/catch in finally Generic error message; fixed ArrayBufferLike TypeScript type issue Generic error message; password/salt/IV wrapped in SecureByteContext Password ≥8 chars enforced; zeroKeys(); rotateKeys(); debug-gated logs; TS type fix Zero source ArrayBuffer after req.write() Added timeout, debug, keyRotationInterval, keyRotationDir, keyRotationPassword dispose(), assertNotDisposed(), startKeyRotationTimer(), rotateKeys(); Promise-mutex on ensureKeys(); new URL() validation; CR/LF API key check; server error detail truncation; response schema validation; all console.log behind debugMode Propagates new config fields; dispose() Tests for dispose, timer, header injection, URL validation, error sanitization, debug flag Tests for generic error messages, password validation, zeroKeys() 2026-04-01 14:28:05 +02:00			`...(timeout !== undefined && { timeout }),`
			`...(debug !== undefined && { debug }),`
			`...(keyRotationInterval !== undefined && { keyRotationInterval }),`
			`...(keyRotationDir !== undefined && { keyRotationDir }),`
			`...(keyRotationPassword !== undefined && { keyRotationPassword }),`
feature: port from python client lib 2026-01-17 12:02:08 +01:00			`});`
			`}`

			`/**`
fix: - AES GCM protocol mismatch - better, granular error handling - UUID now uses crypto.randomUUID() - added native mlock addon to improve security - ZeroBuffer uses explicit_bzero now - fixed imports feat: - added unit tests 2026-03-04 11:30:44 +01:00			`* Create a chat completion (matches OpenAI API).`
			`*`
			`* Supports additional NOMYO-specific fields:`
			* - `security_tier`: "standard" \| "high" \| "maximum" — controls hardware routing
			* - `api_key`: per-request API key override (takes precedence over constructor key)
feature: port from python client lib 2026-01-17 12:02:08 +01:00			`*/`
			`async create(request: ChatCompletionRequest): Promise<ChatCompletionResponse> {`
fix: - AES GCM protocol mismatch - better, granular error handling - UUID now uses crypto.randomUUID() - added native mlock addon to improve security - ZeroBuffer uses explicit_bzero now - fixed imports feat: - added unit tests 2026-03-04 11:30:44 +01:00			`const payloadId = generateUUID();`
feature: port from python client lib 2026-01-17 12:02:08 +01:00
fix: - AES GCM protocol mismatch - better, granular error handling - UUID now uses crypto.randomUUID() - added native mlock addon to improve security - ZeroBuffer uses explicit_bzero now - fixed imports feat: - added unit tests 2026-03-04 11:30:44 +01:00			`// Extract NOMYO-specific fields that must not go into the encrypted payload`
			`const { security_tier, api_key, ...payload } = request as ChatCompletionRequest & {`
			`security_tier?: string;`
			`api_key?: string;`
			`};`
feature: port from python client lib 2026-01-17 12:02:08 +01:00
fix: - AES GCM protocol mismatch - better, granular error handling - UUID now uses crypto.randomUUID() - added native mlock addon to improve security - ZeroBuffer uses explicit_bzero now - fixed imports feat: - added unit tests 2026-03-04 11:30:44 +01:00			`const apiKey = api_key ?? this.apiKey;`
feature: port from python client lib 2026-01-17 12:02:08 +01:00
			`if (!payload.model) {`
			`throw new Error('Missing required field: model');`
			`}`
			`if (!payload.messages \|\| !Array.isArray(payload.messages)) {`
			`throw new Error('Missing or invalid required field: messages');`
			`}`

			`const response = await this.client.sendSecureRequest(`
			`payload,`
			`payloadId,`
fix: - AES GCM protocol mismatch - better, granular error handling - UUID now uses crypto.randomUUID() - added native mlock addon to improve security - ZeroBuffer uses explicit_bzero now - fixed imports feat: - added unit tests 2026-03-04 11:30:44 +01:00			`apiKey,`
			`security_tier`
feature: port from python client lib 2026-01-17 12:02:08 +01:00			`);`

fix: - AES GCM protocol mismatch - better, granular error handling - UUID now uses crypto.randomUUID() - added native mlock addon to improve security - ZeroBuffer uses explicit_bzero now - fixed imports feat: - added unit tests 2026-03-04 11:30:44 +01:00			`return response as unknown as ChatCompletionResponse;`
feature: port from python client lib 2026-01-17 12:02:08 +01:00			`}`

			`/**`
			`* Async alias for create() (for compatibility with OpenAI SDK)`
			`*/`
			`async acreate(request: ChatCompletionRequest): Promise<ChatCompletionResponse> {`
			`return this.create(request);`
			`}`
fix: Added DisposedError Wrapped zeroMemory() in its own try/catch in finally Generic error message; fixed ArrayBufferLike TypeScript type issue Generic error message; password/salt/IV wrapped in SecureByteContext Password ≥8 chars enforced; zeroKeys(); rotateKeys(); debug-gated logs; TS type fix Zero source ArrayBuffer after req.write() Added timeout, debug, keyRotationInterval, keyRotationDir, keyRotationPassword dispose(), assertNotDisposed(), startKeyRotationTimer(), rotateKeys(); Promise-mutex on ensureKeys(); new URL() validation; CR/LF API key check; server error detail truncation; response schema validation; all console.log behind debugMode Propagates new config fields; dispose() Tests for dispose, timer, header injection, URL validation, error sanitization, debug flag Tests for generic error messages, password validation, zeroKeys() 2026-04-01 14:28:05 +02:00
			`/**`
			`* Release resources: stop key rotation timer and zero in-memory key material.`
			`*/`
			`dispose(): void {`
			`this.client.dispose();`
			`}`
feature: port from python client lib 2026-01-17 12:02:08 +01:00			`}`